Personal Data Protection Law – TED ÇORLU KOLEJİ

Personal Data Protection Law

DISCLOSURE/INFORMATION TEXT ABOUT THE PROCESSING OF PERSONAL DATA

We, as Can Sağlık Tesisleri İşletme ve Ticaret Anonim Şirketi (“TED Çorlu College”, “School” or “Company”), pay maximum attention to compliance with the provisions of the Personal Data Protection Law Number 6698 in terms of processing and protection of your personal data. We would like to inform you about your personal data in accordance with the Personal Data Protection Law Number 6698 (PDPL) which was prepared and came into force for the purpose of protecting the confidentiality of private life and the fundamental rights and freedoms.

Your personal data is processed according to the following methods, basis, purposes and conditions for a period prescribed in the relevant legislation or for a period required for the purpose of processing, and all administrative and technical measures are taken by our School to protect your personal data.

  1. According to the Definitions Provided in the Personal Data Protection Law:

1.1. Personal Data: Refers to all data related to an identified or identifiable natural person. It does not only include the data that allows for the absolute identification of a person such as first name, last name, date of birth and place of birth, but also the information related to physical, family, economic, social and other characteristics of a person. An identified or identifiable person refers to the identification of that person by associating the existing data with a natural person in any way whatsoever. This includes all cases in which the person is identified as a result of having any concrete contents that describe the physical, economic, cultural, social or psychological identity of the person or associating the person with any records such as ID card, tax identification number, insurance number etc.

1.2. Special Personal Data: Refers to the data related to a person’s race, ethnicity, political thought, philosophical belief, faith, religion, sect or other beliefs, dress, membership of an association, foundation or union, health condition, sexual life, criminal conviction and security measures as well as biometric and genetic data.

1.3. Data Subject: Refers to the natural person whose personal data is processed.

1.4. Processing of Personal Data: Refers to any operation which is performed upon personal data such as collection, recording, storage, preservation, alteration, adaptation, disclosure, transfer, retrieval, making available for collection, categorization or blocking its use by wholly or partly automatic means or otherwise than by non-automatic means which form part of a data recording system.

1.5. Data Controller: Refers to natural or legal person who determines the purposes and means of the processing of personal data, and who is responsible for establishment and management of the data recording system. Data Controllers may be natural persons or legal persons such as public authorities, companies, associations or foundations.

1.6. Data Processor: Refers to natural or legal person who processes personal data based on the authority granted by and on behalf of the Data Controller. Any natural or legal person may be both Data Controller and Data Processor at the same time. We hereby declare that the personal data that you provided to Can Sağlık Tesisleri İşletme ve Ticaret Anonim Şirketi is not used beyond the purposes of collection of such personal data, your personal is not processed and is not disclosed to third parties without your explicit consent or existence of any of the exemptions described in the Article 5 of the PDPL, and all administrative and technical measures required to ensure appropriate security level are taken by us.

  1. Data Controller and Representative:

“Data Controller” is Can Sağlık Tesisleri İşletme ve Ticaret Anonim Şirketi in terms of your personal data collected by the officers of our School and all our suppliers, business partners and consultants.

  1. Method and Legal Basis for the Collection of Personal Data:

In accordance with the Law, our Company collects the personal data of parents and students verbally, in writing or electronically by using the following channels through wholly or partly automatic means or otherwise by non-automatic means which form part of a data recording system pursuant to the provisions of the Law, and processes and discloses such personal data for the purposes specified in the paragraphs c and d of this text in accordance with the personal data processing conditions and purposes prescribed in the Articles 5 and 6 of the Law.

3.1. Personal Data of Parents and Students is collected through:

  • Written or electronic application forms,
  • Identification Information of Parents and Students: Turkish identification number, first name, last name, place of birth, date of birth, passport number (for foreigners), signature (if any), civil status,
  • Personnel Information: Gender, custody information, citizenship information, educational background, Ministry of National Education (E-School) information,
  • Contact and Address Information: Telephone numbers, e-mail addresses, numbers and addresses (home address, office address) of emergency contact names,
  • Professional Information: Title, experience, employer,
  • Exam scores and marks of student,
  • Parents meeting minutes,
  • Minutes of the interviews held with the counselor and/or advisory teachers,
  • Accounts operated on behalf of our Company in various social media channels,
  • Correspondence made through electronic mail addresses, text messages and multimedia messages sent, all communication means and other communication methods including data forms,
  • References and employment or consulting companies with which our Company cooperates,
  • Controls and investigations conducted by our Company to verify the accuracy of the information provided by candidate students and parents.

It is essential to keep the information of natural persons accurate and up-to-date in accordance with the mandatory provisions of laws. Therefore, we might request our parents and students to update their personal data at certain intervals. Besides, if any changes occur in the data of students, they are expected to provide our Company with such data. Our Company may in no way be held responsible for inaccurate data provided by parents and students.

3.2. Data of Visitors:

CCTV is used at TED Çorlu College and other facilities for security purposes. We collect and record the information of visitors of our school and other facilities such as their first names, last names, vehicle registration numbers, times of entry and exit and the names of the people to be visited by them for security purposes.

3.3. Data of the Third Parties and Suppliers Collected Due to Business Relationship:

We might collect the data of third parties (representatives/personnel) and authorized officers from which our Company supplies products and services and with which we have rental and similar business relationships, such as their first and last names, Turkish identification numbers, contact details, professional data such as their positions/departments and qualification certificates, vehicle registration numbers, financial data such as account number depending upon the nature of the situation, for the purpose of negotiating, concluding, executing and proving a contract. As the type of business relationship could be different for each person, the above-mentioned data will not be applicable for each natural person and will be different depending upon the nature of business.

  1. Purposes of Processing Personal Data:

4.1. Your Personal Data is processed for the following purposes:

  • Providing services by our School, taking, implementing, proving and improving all necessary actions, enrolling students at the School, managing education activities including measurement and assessment,
  • Verifying and recording identification data, filing and arranging documentation required to be collected during the enrolment process, executing the obligations under the enrolment contract,
  • Recording the necessary data of students as part of internal processes of the School, using and disclosing such data to other related parties in various education processes, when and if necessary,
  • Monitoring, assessing and reporting on the personal, physical, psychological and academic development process of students, monitoring and following up the process of their adaptation to the School and other facilities, ensuring adaptation to and following up the discipline process within the School,
  • Recording parents meetings held in relation with students, following up the progress,
  • Preparing exams for the assessment of students, monitoring and following up their academic and social development processes, measuring their achievements,
  • Creating a record if the Students wish to use the School library, recording the names of the books available at the School library, taking measures against the possibility of late return and loss,
  • Assessing the course grades, development and financial condition of the students benefiting from scholarship applications,
  • Organizing and recording clubs and activities, events, social services, national and international projects, excursions and artistic activities held for the benefits of students,
  • Sharing all useful activities organized in and out of the School in relation with the exemplary education applications in social media accounts, website, e-bulletin and with the relevant organizations with which the projects are implemented, using the video and photograph records,
  • Creating records related to the contracted shuttle bus service of the School, providing the necessary information to the relevant authorities,
  • Creating and following up health files, sharing these files with the other relevant units for the purpose of conducting examinations and emergency interventions, when and if necessary,
  • Implementing and inspecting the quality, information security and confidentiality policies and standards of our Company properly,
  • Recording and following up information related to payments,
  • Fulfilling the obligations related to e-invoice, e-archive and e-dispatch note,
  • Preparing the reports and analyzes to be submitted to top management,
  • Preparing the reports and analyzes to be submitted to top management,
  • Fulfilling the requirements of applicable laws and regulations (all relevant legislations such as tax legislation, social security legislation, code of obligations, commercial law, occupational health and safety law, electronic communication legislation),
  • Fulfilling the disclosure requests of public authorities and organizations to the extent it is required or stipulated by legal regulations,
  • Fulfilling the legal obligations prescribed by laws.

4.2. It is Possible to Process General Personal Data Without Need for Seeking Your Explicit Consent In Case of Existence of Any Conditions Prescribed in the PDPL:

  • It is expressly permitted by any law,
  • It is necessaryin order to protect the life or physical integrity of the data subject or another person where the data subject is physically or legally incapable of giving consent,
  • It is necessary to process the personal data of parties of a contract, provided that the processing is directly related to the execution or performance of the contract,
  • It is necessaryfor compliance with a legal obligation which the Data Controller is subject to,
  • The relevant information is revealed to the public by the Data Subject herself/himself,
  • It is necessary for the establishment, usage or protection of a right;
  • It is necessaryfor the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the Data Subject are not damaged.
  1. Transfer of Personal Data:
  • Processed personal data might be disclosed to the following organizations inland and abroad to the extent it is mandatory to disclose,
  • Contracted banks in relation with payments and other financial transactions,
  • Companies and enterprises that organize events such as exams, contests, conferences, seminars, symposiums, memorial services, award ceremonies, excursions, tournaments etc.,
  • Doctors, food engineers and specialists, if it is deemed necessary due to the psychological and physiological condition of students,
  • Publishing the events to be organized in or out of the School in social media accounts, website, notice boards and e-bulletin of the School,
  • Occupational health and safety organizations, hospitals and medical institutions for the purpose of making emergency medical interventions and fulfilling occupational health and safety obligations,
  • Suppliers and solution partners for the purpose of fulfilling the functions such as software, enterprise resource planning, reporting, marketing etc.,
  • Audit firms and information security companies for the purpose of conducting the necessary quality, confidentiality and standard audits,
  • Companies that process data (provide IT support, traffic/customer satisfaction measurement, profiling) on behalf of our Company,
  • Servers located abroad including EU countries and the companies that provide such server support due to the information technologies used by our Company as well as the companies that provide cloud ID service, if cloud IT is used,
  • Relevant audit firms, independent audit firms, financial advisers/accounting companies and law firms for the purpose of fulfilling our obligations and auditing our commercial activities under the provisions of the relevant legislations,
  • Relevant suppliers in terms of ensuring the functioning of the common database installed by the Company,
  • Cargo companies for the purpose of ensuring delivery, when and if necessary,
  • Companies and organizations that request reference information about employees,
  • Public authorities and organizations for the purpose of fulfilling legal requirements and/or requests of official authorities
  1. Period of Storing Personal Data

All your personal data is stored for the period suitable for its purpose. According to the Article 7/1 of the PDPL Number 6698; your personal data will be deleted, destroy or anonymized by TED Çorlu College when there is no need to process such data and/or upon expiry of the periods of storage prescribed by laws.

  1. Rights of Personal Data Subject:

7.1. In accordance with the Article 11 of the PDPL, You Are Entitled to Make an Application to Can Sağlık Tesisleri İşletme ve Ticaret Anonim Şirketi at Any Time and Make the Following Requests In Relation with Your Personal Data:

  • To know whether your personal data has been processed or not,
  • If your personal data has been processed, to ask for information about processing of such data,
  • To know the purpose of processing of personal data and to know whether such data is used in accordance with the purpose,
  • To know the third parties inland or abroad, to whom such personal data has been disclosed,
  • If the personal data has been processed incompletely or wrongly, to ask for correction of it and to ask for providing information to third parties, to whom such personal data has been disclosed, in connection with the operation conducted,
  • To ask for deletion or disposal of personal data in accordance with the conditions prescribed in the PDPL and to ask for providing information to third parties, to whom such personal data has been disclosed, in connection with the operation conducted,
  • To object to the occurrence of any negative results about data subject through analysis of the processed data exclusively by automatic systems,
  • To ask for the indemnification of the loss suffered due to the processing of personal data in violation of the law.

7.2. To Exercise Your Rights under the Article 11 of the PDPL:

You must fully complete the application form available at our website and deliver a signed copy of the form to our School located at “Hatip Mahallesi Yeni Bosna Caddesi No:11 59860 Çorlu/Tekirdağ” personally or through Notary Public or sign this form by secure electronic signature and send it to the electronic mail address [email protected].

The applications must contain the first name, last name and signature of the applicant, if the applications are made in writing, as well as Turkish Identification Number for the citizens of the Republic of Turkey, nationality, passport number/identification number for foreigners, domicile or workplace address to be used for legal notifications, electronic mail address, telephone or fax number, if any, to be used for legal notifications and the subject of request.

In relation with the application that contains your explanations regarding the above-mentioned rights that you want to exercise in the capacity of Personal Data Subject; you are required to specify the subject of your application clearly and understandably, the request must be related with you or you must be specially authorized and submit documentary evidence to prove your authorization, if you are acting on behalf of someone else, your application must contain identification and address information and attach your identification proof documents to your application.

Can Sağlık Tesisleri İşletme ve Ticaret Anonim Şirketi will finalize your request free of charge as soon as possible and within maximum 30 (thirty) days depending upon the nature of the request. However, if this operation requires extra cost, the fee indicated in the Personal Data Protection Board will be collected by Can Sağlık Tesisleri İşletme ve Ticaret Anonim Şirketi. If your request is accepted, the necessary actions are taken. However, if your application is rejected as a result of the review and assessment, the reason for rejection is notified to you in writing or electronically. You can find more information in the Article 13 and subsequent articles of the PDPL regarding your rights of making applications to the Data Controller and filing complaints with the Board. You can also send your change or update requests regarding your personal data to Can Sağlık Tesisleri İşletme ve Ticaret Anonim Şirketi by using the above-mentioned methods.

Atatürk Köşesi

Ansolon